DragonGlass Token Sale Smart Contracts Audit Overview

Disclaimer

Cryptodus, Feb 19, 2018

The audit makes no warranties or statements about the utility of the code, the safety of the code, the suitability of the business model, the regulatory regime for the business model, or any other statements about the fitness of the contracts for purpose or their bug-free status. The audit documentation is for discussion purposes only and should not be construed as investment advice.

Intro

Cryptodus was contacted by DragonGlass, LLC to audit their smart contracts. The aim of this audit was to ensure that these contracts are not easily attacked by third parties, and that the code is well written and performs according to the business requirements. This audit does not guarantee that the code is without any bugs, but intends to highlight any areas of weakness. The auditor is not responsible for any issues within the smart contracts found during and after the audit.

The audit was performed on the smart contracts DGS.sol and DgsICO.sol in the GitHub repository https://github.com/dragonglassco/smart-contracts (commit: 1d87cac3fdc07b589140816a89b7414a5ae56708).

Issues found

Critical: -

Major:

  • DgsICO fallback function. The check on whether a given Ethereum address has invested less than 10 ETH, or is verified to invest more, can be worked around by simply creating new wallets and transferring 10 ETH from each wallet. This would result in people investing more than 10 ETH without the need for verification.
  • DgsICO fallback function. If the function launch is not called after deployment, the fallback function still executes and does not throw any error. This could confuse investors who are waiting for the token sale and send a transaction early, since they would receive no error. It would also set offeringClose to True.

*** Issue has been fixed in commit 3d3e890

Moderate:

  • DgsICO fallback function. Assume the maximum investment without verification is set to 10 ETH, and an investor sends 9 ETH in a first transaction and 2 ETH in a second transaction. The second transaction will fail without the investor knowing the reason and without any way to check how much more he is allowed to invest.

*** Issue has been fixed in commit fece7f6

  • DGS function “calculateMinedCoinsForTX”. The function calculates the mined coins for a transaction. It is very complex and must be covered with unit tests.

*** Unit tests added in commit fece7f6

  • DGS function “stop”. The function should stop the token sale. However, it does the opposite and launches the token sale once it is stopped.

*** Issue has been fixed in commit fece7f6
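The launch and cap findings on the DgsICO fallback function, shown as an added sketch of the defensive pattern; this is not the project's code or the fix from its commits, and the contract, state, error and function names are hypothetical:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: all names here are hypothetical, not taken from DgsICO.sol.
contract CappedSaleSketch {
    uint256 public constant UNVERIFIED_CAP = 10 ether; // cap quoted in the audit text
    address public immutable owner;
    bool public launched;                      // stays false until launch() is called
    mapping(address => bool) public verified;  // addresses cleared to exceed the cap
    mapping(address => uint256) public invested;

    error SaleNotLaunched();
    error CapExceeded(uint256 sent, uint256 remaining);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function launch() external onlyOwner {
        launched = true;
    }

    function setVerified(address investor, bool ok) external onlyOwner {
        verified[investor] = ok;
    }

    // Lets an investor or a front end check the remaining room before sending.
    function remainingAllowance(address investor) public view returns (uint256) {
        if (verified[investor]) return type(uint256).max;
        uint256 used = invested[investor];
        return used >= UNVERIFIED_CAP ? 0 : UNVERIFIED_CAP - used;
    }

    // Plain ETH transfers land here (receive() is the Solidity 0.8 form of a payable fallback).
    receive() external payable {
        // Reject early payments explicitly and leave all sale state untouched.
        if (!launched) revert SaleNotLaunched();
        uint256 remaining = remainingAllowance(msg.sender);
        // 9 ETH then 2 ETH: the second transfer reverts and reports remaining = 1 ETH.
        if (msg.value > remaining) revert CapExceeded(msg.value, remaining);
        invested[msg.sender] += msg.value;
        // Token issuance omitted from this sketch.
    }
}
```

The cap here is still tracked per address, so the first Major finding applies to it unchanged: only the verification step ties a limit to a person rather than to a wallet.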

Minor:

  • The code does not follow the Solidity style guidelines.

*** Changes have been made in commits fece7f6 and 887d5ef

  • The code is not covered with unit tests. As there are a few custom and complex functions, we highly recommend covering at least the core logic with unit tests.

*** Partially fixed in commit: fece7f6

Conclusion

The smart contracts work as expected and the general flow is executed correctly. However, there are certain functions that do not work as their names state, but their effect on the flow itself is not critical. We strongly suggest writing unit tests and resolving the issues described in the audit report.
